TT-Forums has been quietly available over SSL for a number of years now, but I've now installed a phpBB extension that'll transparently proxy any non-SSL [img] tags (and avatars and signatures) over HTTPS (via imageproxy.tt-forums.net). However, the majority of you will have accessed the non-secure site by default. Now, while TT-Forums isn't exactly your online banking, there is a general push at the moment to get every site using encryption, so TT-Forums (and related sites, such as TT Wiki and TT-Forums Projects) will now only be available via a secure connection.

One problem with trying to run a forum via SSL is that you can use the [img] tag to embed images which may not be secure. You can also link to externally hosted avatars. We do however have a solution for that - all HTTP [img] links will now be transparently proxied via imageproxy.tt-forums.net, a secure site.

Please let me know how you find everything. If anybody notices any problems, please let me know. If you find the site seems significantly slower too, that would also be of interest (it seems pretty much the same to me).

Also, as a minor aside, I've updated the [youtube] BBCode so it's a bit more modern and no longer tries to embed Flash (it instead embeds YouTube itself via an iframe, the recommended method these days).

Oddly, it seems to be some sort of weird problem with lighttpd I think (imageproxy.tt-forums.net forwards to an internal Camo server which performs the actual image retrieval, etc). If I access the Camo server directly over HTTP it's fine; if I download the image to the server and access it over HTTPS it's fine too - it just seems to be the proxied version that's misbehaving. It's adding an extra 20 bytes of data, including some newlines and so on. I wonder if it's interpreting it as HTML or something and messing it up. I've no idea why, and can't see anything in the configuration that might be causing that.

At some point I may switch to nginx, lighttpd has always worked pretty well though.

A bit of a faff for you, but you could consider getting a free SSL certificate and encrypting your site too.

Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.

Nah, it's hosted on my dedicated server here - which has frankly never even seen SSL I tend to keep these things on my own dedis, as it directly communicates with my phones. Then it's entirely my own fault if it gets compromised, can't blame anyone else

Oops, that was my own fault it seems - Pikka's wiki was being hammered by bots recently and they were causing significant slowness on the server, so I attempted to block some, but apparently I made a syntax error when doing so and didn't check it properly. (Load went down so I thought it had been fixed, which was kind of true...) Now fixed!

Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

If you are referring to Chromes feature where it downloads things to a remote server then resends a smaller version, i've tried without that and it still errors. It also works fine on other HTTPS sites (I tried google, as its the only HTTPS forced site I know off hand)

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot post attachments in this forum